Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tinrao.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tinrao.net/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
| --- | --- | --- |
| http://tinrao.net/ | 200 OK; Content-Length: 130227; Content-Type: text/html | clean |
| http://tinrao.net/clientscript/vbulletin-core.js?v=420 | 200 OK; Content-Length: 51945; Content-Type: application/x-javascript | clean |
| http://tinrao.net/vtlai_js/jquery-1.8.2.min.js | 200 OK; Content-Length: 93436; Content-Type: application/x-javascript | clean |
| http://tinrao.net/vtlai_js/vtlai_preload_popup.js | 200 OK; Content-Length: 2901; Content-Type: application/x-javascript | clean |
| http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js | 200 OK; Content-Length: 120619; Content-Type: text/javascript | clean |
| http://tinrao.net/clientscript/vbulletin_read_marker.js?v=420 | 200 OK; Content-Length: 4460; Content-Type: application/x-javascript | clean |
| http://tinrao.net/clientscript/vbulletin_md5.js?v=420 | 200 OK; Content-Length: 5464; Content-Type: application/x-javascript | malicious (details below) |
| http://tinrao.net/clientscript/jquery.min.js | 200 OK; Content-Length: 141992; Content-Type: application/x-javascript | clean |
| http://tinrao.net/clientscript/jquery.max.js | 200 OK; Content-Length: 3362; Content-Type: application/x-javascript | clean |
| http://tinrao.net/clientscript/vbulletin-sidebar2.js?v=420 | 404 Not Found; Content-Length: 564; Content-Type: text/html | clean |
| http://tinrao.net/test404page.js | 404 Not Found; Content-Length: 564; Content-Type: text/html | clean |
| http://tinrao.net/clientscript/yui/animation/animation-min.js?v=420 | 200 OK; Content-Length: 14240; Content-Type: application/x-javascript | clean |
| http://xslt.alexa.com/site_stats/js/s/a?url=tinrao.net | 200 OK; Content-Length: 3153; Content-Type: application/x-javascript | clean |
| http://tinrao.net/clientscript/vbulletin_facebook.js?v=420 | 200 OK; Content-Length: 6067; Content-Type: application/x-javascript | clean |
| https://apis.google.com/js/plusone.js | 200 OK; Content-Length: 11624; Content-Type: application/javascript | clean |

Details for http://tinrao.net/clientscript/vbulletin_md5.js?v=420 (malicious code, confirmed by antiviruses, see below):

var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<<

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tinrao.net
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Fri, 16 May 2014 16:07:06 GMT
Pragma: private
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: bb_sessionhash=b6b100cd52d7fecd60a89fba70c3e327; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1400256426; expires=Sat, 16-May-2015 16:07:06 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Sat, 16-May-2015 16:07:06 GMT; path=/
Set-Cookie: PHPSESSID=nasl6ehie1bmltpb6p6n2j9644; path=/
X-Powered-By: PHP/5.4.25
Second query (visit from search engine):
GET / HTTP/1.1
Host: tinrao.net
Referer: http://www.google.com/search?q=tinrao.net
Result:
The result is similar to that of the first query; no suspicious redirects were found.